Phishing Scam Reportedly Iranian Backed

A report released today by the Citizen Lab at the Munk School of Global Affairs at the University of Toronto describes a phishing campaign conducted against Iranian dissidents.

The scheme was foiled by the use of two-factor authentication (2FA).

Although no direct link was made to Iranian hackers, the report did indicate that the scheme was similar to other schemes carried out by Iranian hackers.

John Scott-Railton, a senior researcher at Citizen Lab, would not divulge the exact number of victims involved or say what the goal was, other than that all but one victim lived outside of Iran and that any information grabbed would likely be used for nefarious purposes.

“Once they [the attackers] get into their [victims'] email they can get a lot of information which can be used in many ways,” he said.

The report stated that the attacks were particularly dangerous and well planned. “These attackers have clearly conducted some detailed research into their targets' activities, further suggesting a highly targeted attack.”

“In this case, attackers had to phish two pieces of information: the password and the two-factor authentication code,” the report said. “The deception had to last through an entire falsified login flow. This approach required a more involved deception than a simple one-off phish, which the attackers may have learned through trial and error.”